Sony said Wednesday that credit card information on its PlayStation Network was encrypted, but it cannot rule out the possibility that it was obtained by the hackers.

PS3 hacker George Hotz, meanwhile, denied any involvement.

"The entire credit card table was encrypted and we have no evidence that credit card data was taken, [but] we cannot rule out the possibility," Sony said in a blog post.

Other personal data, like emails and names, were not encrypted; it was "behind a very sophisticated security system that was breached in a malicious attack," Sony said.

As a result, Sony is warning users that their credit card data "may have been obtained." The three-digit code on the back of the card, known as the CVC or CSC number, was not compromised, but that's because Sony does not request that information so it's not stored on its system.

The fact that Sony encrypted its data is "to be welcomed," according to Sophos analyst Graham Cluley, but "there still remains the question about just how strong the encryption is that Sony used on the credit card data," he wrote in a blog post.

"Sony has once again missed an opportunity to reassure its customers," Cluley continued. "They should have said in the first announcement of the data loss that the credit card data was encrypted, and they shouldin this latest communicationhave provided details of the nature of the encryption that was used."

Sony's PlayStation network has been having issues since last week, but it was not until Tuesday night that Sony confirmed that hackers had obtained personal information from the network, which possibly included credit cards.

Sony said it expects to "restore some services" within a week, but it said Wednesday that "we want to be very clear that we will only restore operations when we are confident that the network is secure."

The company is currently working with law enforcement and a technology security firm on an investigation into what happened. "This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible," Sony said.

The company does not yet know who is responsible, though Sony said it will pursue those involved "no matter where in the world they might be located."

The outage apparently is not the work of Anonymous, the industry hacker group that announced a worldwide protest in the wake of Sony's litigation against Hotz, who eventually settled with the company. Hotz this week also denied that he was involved.

"To anyone who thinks I was involved in any way with this, I'm not crazy, and would prefer to not have the FBI knocking on my door," Hotz wrote in a Thursday blog post. "Running homebrew and exploring security on your devices is cool, hacking into someone elses server and stealing databases of user info is not cool. You make the hacking community look bad, even if it is aimed at douches like Sony."

Hotz insisted that he is "one of the good guys." One of the projects he was considering earlier this year was a PSN alternative that would allow for jailbroken consoles to download homebrew games. Hotz's legal troubles made him re-think that plan, but had it succeeded,
"you would have a place to game online with your PS3 right now," he said Thursday.

Hotz put the blame for the outage on Sony executives "who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts. Alienating the hacker community is not a good idea."

Hotz concluded by urging those responsible not to sell people's information.

Chloe Albanesius has been with PCMag.com since April 2007, most recently as Executive Editor for News and Features. Prior to that, she worked for a year covering financial IT on Wall Street for Incisive Media. From 2002 to 2005, Chloe covered technology policy for The National Journal's Technology Daily in Washington, DC. She has held internships at NBC's Meet the Press, washingtonpost.com, the Tate Gallery press office in London, Roll Call, and Congressional Quarterly. She graduated with a bachelor's degree in journalism from American University...
More »

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service